06-03-2011, 07:38 PM
solarflow99

configuring SSL for windows replication

For self signed certs, as I understand it, the 389 supplier that has the CA must create a server cert for the windows host? How can this cert be exported/imported since windows doesn't use pk12util? Has anyone set this up, and can say the steps on windows 2008? I see there are many options for installing IIS and Microsoft CA.


Thanks,

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
06-03-2011, 08:00 PM
Rich Megginson

configuring SSL for windows replication

On 06/03/2011 01:38 PM, solarflow99 wrote:
> For self signed certs, as I understand it, the 389
> supplier that has the CA must create a server cert for the windows
> host? How can this cert be exported/imported since windows
> doesn't use pk12util? Has anyone set this up, and can say the
> steps on windows 2008? I see there are many options for
> installing IIS and Microsoft CA.


That's the easiest way to generate an SSL server cert for MS AD -
Install MS CA as an Enterprise Root CA - it will automatically issue
the AD server cert.



Otherwise, look here
http://directory.fedoraproject.org/wiki/Howto:WindowsSync - you can
use mmc with the Certificates snap-in to import/export certs and
pkcs12 files.




 
06-08-2011, 09:45 PM
David Baird

configuring SSL for windows replication

On 4/06/2011 8:00 a.m., Rich Megginson wrote:
> On 06/03/2011 01:38 PM, solarflow99 wrote:
>> For self signed certs, as I understand it, the 389 supplier that has the CA
>> must create a server cert for the windows host? How can this cert be
>> exported/imported since windows doesn't use pk12util? Has anyone set this up,
>> and can say the steps on windows 2008? I see there are many options for
>> installing IIS and Microsoft CA.
> That's the easiest way to generate an SSL server cert for MS AD - Install MS CA
> as an Enterprise Root CA - it will automatically issue the AD server cert.
>
> Otherwise, look here http://directory.fedoraproject.org/wiki/Howto:WindowsSync -
> you can use mmc with the Certificates snap-in to import/export certs and pkcs12
> files.

The procedure to generate the certificate request is outlined here
http://support.microsoft.com/default.aspx?scid=kb;en-us;321051 which is
referenced from the howto Rich mentions.

Here's something that may catch you out. When you use certreq on the Windows
server to generate a certificate request, it generates a corresponding key for
that request (storing it in the Documents and Settings hierarchy). If, for any
reason, you need to generate another certificate, do NOT re-use the request file
(the .req file) you already have; you have to generate a new request.

If, and only if, your Windows domain is running at 2008 Functional level, the
best place to put the CA certificate is in the NTDS service's certificate store
(as outlined at the bottom of the Knowledge Base article above). Otherwise
import it into the local computer account's personal store.

David.
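
A check that follows from the warning about request files above, added here as an example and not part of the original thread: before importing a signed certificate on the Windows host, confirm that it carries the public key of the request you generated most recently rather than a stale one. It uses openssl in place of certreq and the NSS tools named in the thread, and assumes the .req file is a PEM-encoded PKCS#10 request; the host name, file names and test CA are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). openssl stands in for certreq/NSS;
# host name, file names and the throwaway CA are constructed samples.

# Print SHA-256 of the public key in a PKCS#10 request (req) or cert (x509).
pubkey_fp() {   # usage: pubkey_fp req|x509 FILE
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1   # never hash empty output: two failures would "match"
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only when CERT carries the same public key as REQUEST.
cert_matches_request() {   # usage: cert_matches_request REQUEST CERT
    req_fp=$(pubkey_fp req "$1") || return 2
    crt_fp=$(pubkey_fp x509 "$2") || return 2
    [ "$req_fp" = "$crt_fp" ]
}

# Constructed data: a test CA plus two requests for the same host, standing in
# for a stale .req file and a freshly generated one. The CA signs the stale one.
make_samples() {   # usage: make_samples DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
    for n in old new; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=dc1.example.test" \
            -keyout "$1/$n.key" -out "$1/$n.req" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$1/old.req" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -set_serial 1 -days 1 -out "$1/issued.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d" || return 1
    for n in old new; do
        if cert_matches_request "$d/$n.req" "$d/issued.pem"; then
            echo "$n.req: issued certificate matches this request"
        else
            echo "$n.req: MISMATCH, certificate came from a different request"
        fi
    done
    rm -rf "$d"
}
demo
```

A mismatch against the newest request means the certificate was signed from an older .req file and does not belong to the key that request generated.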

All times are GMT.